Cloud computing has developed rapidly in recent years. The technology is increasingly mature and has gradually moved from an early theoretical stage into products on the market. Network manufacturers and operators, as well as communication manufacturers and infrastructure network operators, all show tremendous interest in cloud computing. Cloud computing in a narrow sense refers to the delivery and usage modes of Internet Technology (IT) infrastructure, meaning that the desired resources are acquired in an on-demand and easily extended way. Cloud computing in a broad sense refers to the delivery and usage modes of services. One form of such service is based on a data centre with immense computing power. Various customized services run on the computing power provided by the data centre and are then provided to users through the Internet. A cloud computing service differs from a common network service mainly in that it has dynamic extension characteristics and makes wide use of virtualization technology.
Cloud computing has the advantages of super-large scale, virtualization, security and reliability, and the like. For network operators, since cloud computing uses dynamic resource allocation and extension technology, operating costs and operation and maintenance costs are greatly reduced. In a cloud computing environment, all resources can be operated and can be provided as a service. The resources include application programs, software, platforms, processing capability, storage, networks, computing resources, other infrastructure, and the like. For users, cloud computing makes it possible to consume services anytime and anywhere. A user can obtain the IT resources required to operate traffic without heavy investment. The user can rent IT resources entirely according to his own demand and, just as with water, electricity and gas, acquire them and be charged on demand.
There are generally three main service modes in cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). According to the deployment pattern of the service, cloud computing can also be divided into private cloud, public cloud and hybrid cloud.
At present, cloud computing is becoming the next service hotspot for providers. It advocates technology that is supplied on demand, charged dynamically, easily extended and dynamically regulated to save energy. Cloud computing will provide corresponding services for different groups of users and different traffic types, and moves huge computational load to the cloud, thereby truly implementing on-demand supply of service.
On the cloud computing platform, data security is the greatest concern to users, so the various security protection measures on the platform are of great importance. Security can be treated as a resource on the cloud computing platform, with the security required by users and by traffic on the cloud platform supplied on demand. Secure on-demand supply is therefore an important characteristic of a cloud computing platform security solution. Its necessity is mainly reflected in the following aspects:
(1) Increasingly rich traffic causes the diversity of security requirements
Cloud computing advocates running large-scale computing task load on the cloud, while a client terminal acquires the corresponding data through a lightweight application (e.g., a web application). However, with the development of IT technology, the extension of application requirements and the continuous increase in the amount of computation, the traffic established on the cloud tends to be diversified. In order to make better use of resources, it is necessary to establish an on-demand supply security mechanism.
On the one hand, different traffic has different security requirements, and a single security mechanism cannot accommodate this diversification. On the other hand, for the same traffic, the security requirements may differ between users and between occasions. For example, multimedia video traffic needs only low-level security assurance service when used for video on demand. However, when it is used for a commercial video conference and the asset value of the transmitted information is high, high-level security assurance service is needed. Therefore, from the perspective of traffic requirements, a cloud computing service needs to provide a technical mechanism that lets specific traffic select security assurance of an appropriate level and technology. The choice can belong to the terminal or to the cloud server, or can be negotiated by both parties on an equal basis.
(2) Only hierarchical security service can use resources effectively
For traditional application services, service is provided externally by using the IT infrastructure of a company or an application deployed on it. In this way, idle resources cannot be used sufficiently, and the facilities must be dimensioned above the service peak, otherwise traffic loss or system paralysis will result. Similarly, a traditional security solution requires the security mechanism to meet the security requirements of the highest-level traffic within the system.
On the other hand, the traffic of different companies has different security requirements. For example, the security authentication technology of an online payment service is stricter than that of voice chat. Even when the traffic is the same, companies with a different strategic focus deploy different security requirements. For the same network storage service, some service providers place emphasis on data integrity, some on data confidentiality, and others on transmission speed.
When the service provider moves traffic to the cloud computing platform, the difference in security requirements limits the deployment of the traffic. If high-level security service is applied uniformly (for example, all contents are encrypted by a digital signature), the rational use of computing resources will be severely restricted. Using high-level security for traffic with little information value wastes a lot of computing resources. In this sense, it is necessary to grade the treatment according to the value of the information asset. For communication with high security requirements the security assurance is high, and for communication with low security requirements the security assurance is low, so that a compensation mechanism for the use of resources can be established and the resources utilized effectively. This reflects the advantages of the on-demand supply service of the cloud computing platform.
(3) Different application scenarios cause different security risks, so the desired security strength is different
The same traffic may face different risks in different application scenarios. In a low-risk scenario, for example when the cloud computing platform is reached over a local area network in an office, only a low-strength security algorithm and protocol are needed to protect the traffic data and achieve a higher security level. However, once the connection scenario changes and the same traffic moves from the office to an open network, for example when connected through wireless WiFi, the system needs to call a stronger security algorithm and protocol to reach the same security level as in the office.
(4) Simple and efficient security services for users
Security services cover a wide range, including infrastructure security services, such as encryption, authentication, non-repudiation and integrity protection, and service security services, such as online virus scanning, intrusion detection, security warning and content monitoring. A simple management tool is therefore needed to help the user integrate the necessary security configuration and to provide one-stop security service. In addition to preventing information from being illegally acquired, it is also necessary to guard against a wide range of security threats, such as virus attacks, illegal information collection by Trojans, user deception and other threats, so the security solution becomes increasingly complex. The user, however, needs to engage in various kinds of traffic simply and effectively, so complex security services and the corresponding security configuration should be handled through the network as much as possible, ensuring that the user can enjoy various kinds of secure traffic without professional security knowledge.
From the above descriptions, the security level required by the user differs between traffic types. For the same traffic type, the security levels required by different users also differ. Different application scenarios carry different security risks, so at the same security level the required security algorithm strength also differs. Therefore, a cloud computing security solution needs to adopt on-demand supply technology: according to the user, the traffic type and the application scenario, corresponding security strategies are adopted to provide safe, reasonable and reliable protection to specific traffic and users. On the premise of meeting the security requirements of the user, cloud platform resources are saved to the greatest extent. At present, the idea of secure on-demand supply remains at the theoretical stage, and there is not yet a technical solution for reference.